Law firm Mossack Fonseca made news in recent weeks when their WordPress site was leaked and 11.5 million documents and 2.6TB of private data were leaked to the public.
The leaked data, which ultimately led to the resignation of Iceland’s prime minister, shed some insight into the rich and famous’s tax-evading efforts in recent years and has caused a flurry of problems.
The leak is suspected to be due, at least in part, to the fact that Mossack Fonseca was running outdated versions of WordPress, which left them vulnerable to malicious attacks by hackers.
There are some very simple steps that every WordPress blogger can and should take in order to ensure that their website is secure and such cyber attacks don’t happen to them.
Step 1: Keep Your Website Updated
It sounds like a no-brainer, but you would be surprised just how many people get distracted by more important things and let their WordPress site go out of date. As soon as a new version of WP is available, you should download it, because until you do, you are immediately vulnerable to a whole slew of security threats. This goes for plugins and themes, too. Stay up to date!
Step 2: Limit Login Attempts
One of the most common ways that a hacker breaks into your website is by brute forcing. If you are unfamiliar with the term, it means that they keep trying multiple password combinations until they get the right one and eventually gain access. You can easily cut this off by limiting the number of attempts a person can make before being shut down. Plugins like Login Lockdown do this for you.
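The sketch below is an added example, not code from Login Lockdown or from WordPress. It models the policy described above in Python: failed logins are counted per IP address inside a sliding window, and an address that reaches the limit is locked out for a fixed period. The class name, the thresholds (3 failures in 5 minutes, 1 hour lockout) and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Sliding-window failed-login limiter keyed by client IP (illustrative)."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures     # failures allowed inside the window
        self.window = window                 # seconds over which failures count
        self.lockout = lockout               # seconds an IP stays blocked
        self._failures = defaultdict(deque)  # ip -> times of recent failures
        self._locked_until = {}              # ip -> time the lockout expires

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._locked_until[ip]       # lockout expired, start fresh
            return False
        return True

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"   # rejected before the password is even checked
        if password_ok:
            self._failures.pop(ip, None)
            return "ok"
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                 # drop failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
        return "failed"

def replay(events, limiter=None):
    """Feed (time, ip, password_ok) tuples through a limiter; return outcomes."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

# Constructed sample events (documentation IP ranges, times in seconds).
SAMPLE = [
    (0, "203.0.113.9", False), (5, "203.0.113.9", False), (9, "203.0.113.9", False),
    (12, "203.0.113.9", True),    # correct password, but the IP is locked out
    (20, "198.51.100.7", True),   # unrelated visitor is unaffected
    (3700, "203.0.113.9", True),  # lockout (9 + 3600) has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Note that a locked-out address is refused even when the password is correct, which is what stops a guess from succeeding mid-lockout. Keying on IP alone does not slow guessing spread across many addresses, so counting failures per username as well is a common complement.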
Step 3: Back Up Your Files
In a perfect world, no one would ever get hacked and websites would never get ruined. Unfortunately, we don’t live in a perfect world. All you, as a site maintainer, can do is hope for the best and prepare for the worst. By having backups made and ready for any possible attacks, you can ensure that your website will be up and running again in no time, no matter what a potential hacker might do to it. I suggest Backup Buddy for all your WordPress backup file needs. Using a backup is also one of the best ways to restore your site if it’s been hacked.
Step 4: Scan Regularly
Have you ever heard the saying that the best offense is a good defense? If you scan your site for viruses on a regular basis, you’re staying on top of things and it’s far less likely that a hacker will get one over on you. Sucuri is a great malware scanning tool that monitors everything done on your website for you. It also helps if you believe your site has been hacked, so it’s great both as a preventative measure and after a hack.
Step 5: Know Your Host
Choosing a host for your site can and should be one of the most important decisions you make on WordPress. There are a lot of things to consider, such as your own budget and what you hope to get from your host, but it is also important to note that a large portion of cyber attacks come from a vulnerability within the hosting software. That being said, you should choose one that you feel comfortable with, and that you believe will protect you against the web’s vulnerabilities.